From 68c76f348a60e4ae864e7638e7e7f4b8a2fa5e0e Mon Sep 17 00:00:00 2001
From: mmorenog <mmorenog@users.noreply.github.com>
Date: Wed, 20 Jul 2016 14:13:18 +0200
Subject: [PATCH] Delete LURK0_CCTV0.yar

---
 malware/LURK0_CCTV0.yar | 88 ----------------------------------------------------------------------------------------
 1 file changed, 88 deletions(-)
 delete mode 100644 malware/LURK0_CCTV0.yar

diff --git a/malware/LURK0_CCTV0.yar b/malware/LURK0_CCTV0.yar
deleted file mode 100644
index 089d25b..0000000
--- a/malware/LURK0_CCTV0.yar
+++ /dev/null
@@ -1,88 +0,0 @@
-rule LURK0Header : Family LURK0 {
-meta:
-description = "5 char code for LURK0"
-author = "Katie Kleemola"
-last_updated = "07-21-2014"
-
-strings:
-$ = { C6 [5] 4C C6 [5] 55 C6 [5] 52 C6 [5] 4B C6 [5] 30 }
-
-condition:
-any of them
-}
-
-rule CCTV0Header : Family CCTV0 {
-meta:
-description = "5 char code for LURK0"
-author = "Katie Kleemola"
-last_updated = "07-21-2014"
-
-strings:
-//if its just one char a time
-$ = { C6 [5] 43 C6 [5] 43 C6 [5] 54 C6 [5] 56 C6 [5] 30 }
-// bit hacky but for when samples dont just simply mov 1 char at a time
-$ = { B0 43 88 [3] 88 [3] C6 [3] 54 C6 [3] 56 [0-12] (B0 30 | C6 [3] 30) }
-
-condition:
-any of them
-}
-
-rule SharedStrings : Family {
-meta:
-description = "Internal names found in LURK0/CCTV0 samples"
-author = "Katie Kleemola"
-last_updated = "07-22-2014"
-
-strings:
-// internal names
-$i1 = "Butterfly.dll"
-$i2 = /\\BT[0-9.]+\\ButterFlyDLL\\/
-$i3 = "ETClientDLL"
-
-// dbx
-$d1 = "\\DbxUpdateET\\" wide
-$d2 = "\\DbxUpdateBT\\" wide
-$d3 = "\\DbxUpdate\\" wide
-
-// other folders
-$mc1 = "\\Micet\\"
-
-// embedded file names
-$n1 = "IconCacheEt.dat" wide
-$n2 = "IconConfigEt.dat" wide
-
-
- 
-$m1 = "\x00\x00ERXXXXXXX\x00\x00" wide
-$m2 = "\x00\x00111\x00\x00" wide
-$m3 = "\x00\x00ETUN\x00\x00" wide
-$m4 = "\x00\x00ER\x00\x00" wide
-
-condition:
-any of them //todo: finetune this
-
-}
-
-rule LURK0 : Family LURK0 {
-
-meta:
-description = "rule for lurk0"
-author = "Katie Kleemola"
-last_updated = "07-22-2014"
-
-condition:
-LURK0Header and SharedStrings
-
-}
-
-rule CCTV0 : Family CCTV0 {
-
-meta:
-description = "rule for cctv0"
-author = "Katie Kleemola"
-last_updated = "07-22-2014"
-
-condition:
-CCTV0Header and SharedStrings
-
-}
--
libgit2 0.26.0